Six simple steps you can take to protect yourself from ID theft

Published: Sunday, August 10, 2008

EILEEN AJ CONNELLY

NEW YORK - It is the largest case of identity theft in the country. More than 41 million credit and debit card numbers were stolen by an international ring that hacked into the computer networks of nine national retail chains, including Barnes & Noble, BJ's Wholesale Club, OfficeMax and TJX Cos.

This week's indictments serve as a warning to consumers. But they also can serve as a reminder to take a few simple steps to protect yourself from this kind of crime, which affects as many as 8 million Americans each year, costing billions of dollars and countless hours to correct the problems it creates.

By law, when a data breach occurs, a company is required to send a letter to notify customers of their possible exposure, said Steve Ely, a divisional president for credit reporting company Equifax Inc. But he said companies often downplay the problem to minimize damage to their reputation. "Ninety-nine percent of the time (breach letters) look like a piece of junk mail, and people throw them away."

That's a mistake. Such a letter may be the first indication that your personal information has been compromised.

And indictments like those announced Tuesday aren't likely to prevent your data from getting into the hands of other criminals, warned Paul Stephens, director of policy and advocacy at Privacy Rights Clearinghouse, a nonprofit in San Diego.

"Even though they may have found the individuals," said Stephens, "that is no guarantee that that information is

not out there and available to people to use for fraudulent purchases."

Whether or not you've received a letter, there are simple steps to help prevent, or at least minimize the problems that can arise if you become a victim.

 Limit access to information:

Carry as few credit cards as possible, and leave your Social Security card at home. Never give out personal information by phone, mail or on the Internet unless you initiated the exchange and are clear why you're sharing such details.

Other important steps include emptying your mailbox as soon as possible; shredding or tearing up credit card offers, bills and other personal papers before discarding them. Also make sure Web sites used for online purchases are secure - one good sign is that the address bar turns green in the most recent versions of Web browsers.

 Minimize use or debit cards:

It's advised that you limit or eliminate use of debit or check cards linked to bank accounts, especially online.

"Our recommendation to consumers is that they never use debit or check cards," Stephens advised. "Once that information has been compromised, it provides criminals with a direct pipeline into their banking."

One reason he advises against using debit cards is it's harder to recover losses than with credit cards. Banks also have up to 10 business days to restore money when customers file notice of a problem related to identity theft, which could be a hardship if the funds are needed immediately.

 Review credit card statements:

Routinely review statements for unauthorized purchases. If you spot one, a call to the credit card company will start an investigation and the questionable purchases will be reversed under most circumstances. Companies will also issue new account numbers upon request.

Ely warned that one tactic thieves use is changing the billing address on existing accounts to delay their detection. "If for some reason you don't get your statement on time, that would be a red flag that something might not be right," he said.

 Monitor your credit report:

Upon request, Federal law requires each of the three national credit reporting companies - Equifax, Experian and TransUnion - to provide consumers with one free credit report each year. The reports can be obtained at www.annualcreditreport.com or by mail. Consumer advocates recommend rotating requests among the three companies, obtaining a report every four months.

 Request a credit alert or freeze:

If you believe there may be a problem, you can ask the credit reporting companies to put a fraud alert and possibly a security freeze on your credit information. A fraud alert requires potential creditors to contact you or use "reasonable policies and procedures" to verify identity before issuing new credit in your name. They are free, but last for only 90 days. They can be renewed repeatedly, but it's up to a consumer to contact the companies after the first alert has expired.

Two other options: An extended fraud alert lasts up to seven years, and requires creditors to actually contact a person before issuing credit. While a security freeze is a permanent restriction to accessing an individual's credit report.

Laws vary from state to state, but in many states you can set up an extended alert or freeze, for a small fee - usually $10 or less. Freezes can be lifted, often within 15 minutes, which may be essential if you know someone, such as a prospective employer, has asked for your credit report.

 Consider monitoring:

If you're thinking about paying for a credit monitoring or identity theft service, carefully scrutinize what the service offers.

Prices vary widely, as do the features. Stephens pointed out they can cost $100 or more per year and in many cases, free monitoring through options like fraud alerts will provide similar protection. "Trying to compare them is like trying to compare apples and oranges," he said, adding that Privacy Rights Clearinghouse advises most people they aren't necessary.